Treats that this company is vulnerable to are but not limited to tornado, malware, equipment failure, stolen data, DoS attacks & social engineer. The like likelihood of each is moderate to high. Headquarter is located right in tornado alley. Since this building house all three serves, a direct hit would result in a total loss. Since the users connect to the LAN with Windows Vista which is very outdate the risk of malware is also high. Along with having all three servers in a central location, there is no mention of any backup locations or even if a DRP is in place. Therefore equipment failure (loss of data) is very high. There is a mention of a direct attached storage but it appears that there is no AUP in place. This means everyone has access to the data. Stolen confidential data of a customer is a serious and costly risk. There is no mention of any firewalls in place. If the servers are not protected by firewalls or intrusion detection systems can result in loss of availability. Users and social engineering is the weakest and easily the most vulnerable. Lack of access controls and security awareness can result in serious loss of confidentiality and hackers are real threat in today’s world. With the sales people accessing the network through a home office and share internet connection with headquarters, this is the bulk of the concern.
For each risk listed the following should be implanted:
• Tornado- the vulnerability here is location. You can either accept the risk by doing nothing because of the location or what I suggest is mitigate the risk by purchasing insurance.
• Malware-outdated software. This vulnerability can be avoided by installing anti-virus and keeping it updated.
• Equipment failure-no backup’s setup. This is another vulnerability that can be avoided by performing regular backups and keeping them at an offsite location.
• Stolen Data-access controls not implanted. Since the company has a direct